RECEIVED

CENTRAL FAX CENTER

DEC 16 2005

Amendments to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in the
application:

Listing of Claims:

1. (Currently Amended) A computer-implemented method of implementing security for
SOAP messages which can be exchanged between client and server programs, the
method comprising:

receiving a SOAP message;

determining whether at least one security rule has been defined for is associated
with the SOAP message, the at least one security rule being defined based on
associated with a security policy for exchanging SOAP messages which can be
exchanged between at least one client program and at least one server program; and

performing at least one security related operation on the SOAP message based
on the at least one security rule when the determining determines that at least one
security rule is associated with the SOAP message.

2. (Currently Amended) A method as recited in claim 1, wherein the at least one
security rule describes includes a mapping between one or more security identifiers
keys that are respectively used by the at least one client program and the at least one
server program.

3. (Currently Amended) A method as recited in claim 1, wherein the performing of at
least one security operation includes mapping maps one or more security identifiers
which are recognized by the at least one client program to one or more security
identifiers which are recognized by the server program.

4. (Previously Presented) A method as recited in claim 3, wherein the security
identifiers can include one or more encryption keys, one or more decryption keys, one
or more signing keys, and one or more keys used to verify one or more signatures.
5. (Original) A method as recited in claim 1,
wherein the method further comprises:

determining a message type for the SOAP message and

th. <.Zy ""^''^ ^^^""'^y ^"'^ -«-°««ted With 

the SOAP message comprises:

looking up rules which are associated with the message type. 

6. (Original) A method as recited in claim 1, 

wherein the at least one security rule includes at least one decryption rule and
wherein the performing of the at least one operation comprises:
determining whether the SOAP message is encrypted, and
decrypting the SOAP message based on one or more decryption keys
which are associated with the at least one decryption rule.

7. (Original) A method as recited in claim 6, wherein the one or more decryption keys
are managed by an organization or define an organizational rule.

8. (Original) A method as recited in claim 1, 

wherein the at least one security rule includes at least one encryption rule, and 
wherein the performing of at least one operation comprises:

encrypting the SOAP message based on one or more encryption keys
which are associated with the at least one encryption rule.

9. (Original) A method as recited in claim 8, wherein the one or more encryption keys
are associated with an individual.

10. (Original) A method as recited in claim 8, wherein the method further comprises:

determining whether the SOAP message is encrypted before attempting to
decrypt the SOAP message.

11. (Original) A method as recited in claim 6, wherein the method further comprises:

determining whether the SOAP message has been encrypted successfully; and
taking appropriate action when the determining determines that the SOAP
message has not been encrypted successfully.

12. (Original) A method as recited in claim 1,

rule- anT'^'" """^ '^'""^ ""'^ ''9"^*"^^ v^nf^oatlan 

wherein the performing of at least one operation comprises:

verifying at least one signature associated with the SOAP message per
requirements specified by the at least one signature verification rule.

13. (Original) A method as recited in claim 12, wherein the method further comprises:

determining whether the at least one signature associated with the SOAP
message has successfully been verified; and 

taking appropriate action when the determining determines that one or more of 
the at least one signature has not been successfully verified. 

14. (Original) A method as recited in claim 1,

wherein the at least one security rule includes a signing rule; and
wherein the performing of at least one operation comprises:

signing the SOAP message using one or more keys which are associated
with the at least one security rule.

15. (Original) A method as recited in claim 1, wherein at least one portion of the SOAP
message is in XML.

16. (Original) A computer-implemented method of implementing security for SOAP
messages exchanged between client and server programs, the method comprising:

receiving a SOAP message;

determining whether at least one decryption rule is associated with the SOAP
message; 
*a at lea,, one dec^«o„ ^
de«ypl.on rule is e..ooiat«i„!,htt,e SOAP ^ssese- « thai at leas, one 

^^deteonlning whether a, ,ea« one ^on n^ Is associated with «,e SOAP 

leas, „„?7""' " "^^^ ^'^"-'^ With the a. 
^ast one deo^o^ton rule when the determining detennlnes that a. leas, one encypSon 
rale IS associated witti *e SOAP message; n<»yP"on 

SOAP T^'"" " °"' ""^ ^'^O ^ *• 

SOAP message;

verifying at least one signature associated with the SOAP message per
requirements specified by the at least one signature verification rule when the
determining determines that at least one signature verification rule is associated with
the SOAP message;

determining whether at least one signing rule is associated with the SOAP
message; and

signing the SOAP message using one or more keys associated with the at least 
one signing rule. 

17. (Original) A computer readable medium having computer program instructions
stored therein for performing the method of claim 16.

18. (Original) A method as recited in claim 16, wherein the method further comprises:

determining a message type for the SOAP message, and
looking up rules which are associated with the message type.

19. (Original) A method as recited in claim 16, wherein at least one portion of the SOAP
message is XML.

20. (Original) A method as recited in claim 16, wherein the method further comprises:

determining whether the SOAP message is encrypted before attempting to
decrypt the SOAP message;

determining whether the SOAP message has been encrypted successfully; and
rne^^Zt"^ '^'^'"^ SOAP

message has not been encrypted successfully.

21. (Original) A method as recited in claim 16, wherein

determining whether the at least one signature associated with the SOAP
message has successfully been verified; and

signaturhaaZr*" "^""'^ "^""^^ « 

signature has not been successfully verified.

22. (Original) A computer readable medium having computer program instructions
stored therein for performing the method of claim 1.

23. (Original) A traffic manager for facilitating communication between a client node
and a server node in a distributed computing environment, the server node having a first
interface associated therewith which is incompatible with direct communications
generated by the client node, the traffic manager comprising a central processing unit
which can operate to:

receive a SOAP message;

determine whether at least one security rule is associated with the SOAP
message, the at least one security rule being associated with a security policy for SOAP
messages which can be exchanged between at least one client program and at least
one server program; and

perform at least one operation based on the at least one security rule when the
determining determines that at least one security rule is associated with the SOAP
message.

24. (Original) A traffic manager as recited in claim 23, wherein the at least one security
rule describes a mapping between one or more keys respectively used by the at least
one client program and the at least one server program.

25. (Original) A traffic manager as recited in claim 23, wherein the performing of at
least one operation maps one or more security identifiers which are recognized by the
one

26. (Original) A method as recited in claim 25, wherein the one or more security
identifiers can include one or more encryption keys, one or more decryption keys, one
or more signing keys, and one or more keys used to verify one or more signatures.

27. (Original) A computer-implemented method of protecting a sender program from
service attacks, the method comprising:

receiving a SOAP message;

determining whether at least one rule is associated with the SOAP message;
collecting data that may be required to evaluate the at least one rule;
evaluating the at least one rule at least partially based on the collected data; and
determining whether the SOAP message constitutes a service attack based on
the evaluating of the at least one rule.

28. (Original) A method as recited in claim 27, wherein the determining of whether at
least one rule is associated with the SOAP message comprises at least one of the acts
of:

(a) determining a message type for the SOAP message;

(b) determining a sender node for the SOAP message; and

(c) determining a recipient node for the SOAP message.

29. (Original) A method as recited in claim 28, wherein the determining of data that may
be required to evaluate the at least one rule comprises:

determining which portion of history of at least one of the message type, sender
node, and recipient node should be collected.

30. (Original) A method as recited in claim 27, wherein the method further comprises:

denying service when the determining determines that the SOAP message
constitutes a service attack.
taking remedial action when the determining determines that the SOAP message
constitutes a service attack.

a^W " " ^"'^ - "^-^ -r^edla. 

It . " the SOAP message, making a log 

entry, invoking a programming object, and sending an additional SOAP message.

33. (Original) A computer-implemented method of protecting a server program from
service attacks, the method comprising:
receiving a SOAP message;

determining at least one of: (a) a message type for the SOAP message, (b) a
sender for the SOAP message, and (c) a recipient for the SOAP message;

determining whether at least one rule is associated with at least one of the
message type (a), the sender (b), and the recipient (c);

selecting at least one portion of the data which has been collected for at least
one of the message type (a), the sender (b), and the recipient (c);

evaluating the at least one rule using the selected at least one portion of data;
and

determining whether the SOAP message constitutes a service attack based on
the evaluating of the at least one rule.

34. (Original) A method as recited in claim 27, wherein the method further comprises:

denying service when the determining determines that the SOAP message
constitutes a service attack.

35. (Original) A method as recited in claim 33, wherein the method further comprises:

taking remedial action when the determining determines that the SOAP message
constitutes a service attack.

36. (Original) A method as recited in claim 7, wherein the remedial action includes
notifying an administrator, holding the SOAP message, making a log entry, invoking a
programming object, and sending an additional SOAP message.
stored therein for performing the method of claim 27.

ZT^' "''"^'^'^'"^ «-munic«ion b«ween a o«e„. no., 

and a server node in a distributed computing environment, the server node having a first
interface associated therewith which is incompatible with direct communications
generated by the client node, the traffic manager comprising a central processing unit
which can operate to:

receive a SOAP message;

determine whether at least one rule is associated with the SOAP message;
collect data that may be required to evaluate the at least one rule;
evaluate the at least one rule at least partially based on the collected data; and
determine whether the SOAP message constitutes a service attack based on the
evaluating of the at least one rule.

39. (Original) A computer-implemented method of controlling publication of or access to
a SOAP interface associated with one or more server programs, the method
comprising:

identifying a SOAP interface for which publication or access is requested;

determining whether one or more rules are associated with the SOAP interface,
the one or more rules describing one or more policies with respect to publication of or
access to the SOAP interface;

evaluating the SOAP interface; and

determining whether publication of or access to the SOAP interface should be
granted based on the evaluating of the SOAP interface.

40. (Original) A method as recited in claim 39, wherein the method further comprises:

identifying a WSDL file for the SOAP interface.

41. (Original) A method as recited in claim 40, wherein a programmer identifies the
SOAP interface and the WSDL file.
ulrTr r r^"* ^ "^^^ ^ ^^^^^^ P-^---- ••nter.cts

user interface to identify the SOAP interface and the WSDL file.

43. (Original) A method as recited in claim 42,

wherein the programmer interacts with a user interface of a traffic manager to
determine whether one or more existing rules are associated with the SOAP interface;
and

wherein the programmer interacts with a user interface of a traffic manager to
request that one or more rules be approved for the SOAP interface.

44. (Original) A method as recited in claim 42, wherein the one or more rules
associated with the SOAP interface can be rules associated with at least one of a
message type, a sender, or a recipient of SOAP messages that can be passed through
the SOAP interface.

45. (Original) A method as recited in claim 39, wherein the evaluating of the SOAP
interface is done at least partly based on one or more rules associated with the SOAP
interface.

46. (Original) A method as recited in claim 45, wherein the evaluating of the SOAP
interface is done at least partly by a person.

47. (Original) A method as recited in claim 46, wherein the person is an administrator.

48. (Original) A method as recited in claim 47, wherein the method further comprises:

modifying the SOAP interface.

49. (Original) A method as recited in claim 48, wherein the modifying is performed at
least partly by a person.

50. (Original) A method as recited in claim 49, wherein the person is an administrator.
stored therein for performing the method of claim 39.

52. (Original) A traffic manager for facilitating communication between a client node
and a server node in a distributed computing environment, the server node having a first
interface associated therewith which is incompatible with direct communications
generated by the client node, the manager comprising a central processing unit
which can operate to:

identify a SOAP interface for which publication or access is requested;
determine whether one or more rules are associated with the SOAP interface,
the one or more rules describing one or more policies with respect to publication of or
access to the SOAP interface;

evaluate the SOAP interface; and

determine whether publication of or access to the SOAP interface should be
granted based on the evaluating of the SOAP interface.

53. (Previously Presented) A computer-implemented method of controlling publication
of or access to a SOAP interface to one or more server programs, the method
comprising:

(a) identifying a SOAP interface and a WSDL file for the SOAP interface for
which publication or access is requested, wherein the identifying can be performed by a
first person by accessing a user interface of a SOAP traffic manager;

(b) determining whether one or more rules already apply to the SOAP message,
the one or more rules describing one or more policies with respect to publication of or
access to the SOAP interface, wherein the determining (b) can be performed by the first
person by accessing a user interface to a SOAP traffic manager;

(c) requesting approval of one or more additional rules for the SOAP message,
wherein the requesting can be performed by the first person by accessing a user
interface to a SOAP traffic manager;

(d) evaluating the SOAP interface or at least one rule associated with the SOAP
interface, wherein the evaluating can be performed at least partly by a second person
who can access the SOAP traffic manager, and wherein the at least one rule can be a
pre-existing rule or an additional rule; and
access the SOAP traffic manager.

54. (Original) A method as recited in claim 39, wherein the first person is a programmer
and the second person is an administrator.

55. (Original) A method as recited in claim 39, wherein the method further comprises:

modifying the SOAP interface or one or more additional rules for the SOAP
interface, wherein the modifying can be performed at least partly by a second person
who can access the SOAP traffic manager.

56. (Original) A computer-implemented method of processing SOAP messages, the
method comprising:

receiving a SOAP message;

determining whether at least one rule is associated with the SOAP message;
evaluating the at least one rule based on at least one portion of the SOAP
message; and

determining whether an action should be taken with respect to the SOAP
message based on the evaluating of the at least one rule.

57. (Original) A method as recited in claim 56, wherein the method further comprises:

determining whether at least a portion of data of the SOAP message should be
considered to evaluate the at least one rule when the determining determines that at
least one rule is associated with the SOAP message.

58. (Original) A method as recited in claim 56, wherein the determining of whether at
least one rule is associated with the SOAP message comprises at least the acts of:

(a) determining a message type for the SOAP message;

(b) determining a sender node for the SOAP message; and

(c) determining a recipient node for the SOAP message.
ZIT'T T""' " ^' «" « one rule .pecMes a.

60. (Original) A method as recited in claim a9, wherein the method further comprises:

gathering at least one portion of the SOAP message.

61. (Original) A method as recited in claim 66, wherein the method further comprises:

taking one or more actions when the determining of whether an action is required
determines that action is required.

62. (Original) A method as recited in claim 56. 

wherein the method further comprises: 

taking one or more actions when the determining of whether an action is
required determines that action is required, and

wherein the one or more actions include: holding the SOAP message, archiving
the SOAP message, failing SOAP message delivery, sending a notification, and logging
special notification.

63. (Original) A method as recited in claim 62, wherein the SOAP message is held for
review by a person.

64. (Original) A computer readable medium having computer program instructions
stored therein for performing the method of claim 56.

65. (Original) A traffic manager for facilitating communication between a client node
and a server node in a distributed computing environment, the server node having a first
interface associated therewith which is incompatible with direct communications
generated by the client node, the traffic manager comprising a central processing unit
which can operate to:

receive a SOAP message;

determine whether at least one rule is associated with the SOAP message;
.^rir""'^'"*'""'^"'"'''-^--—- SOAP

determine whether an action should be taken with respect to the SOAP
message based on the evaluating of the at least one rule.

66. (Original) A computer-implemented method of processing SOAP messages, the
method comprising:

receiving a SOAP message;

determining at least one of (a) a message type for the SOAP message, (b) a
sender for the SOAP message, and (c) a recipient for the SOAP message;

determining whether at least one conditional data rule is associated with at least
one of the message type (a), the sender (b), and the recipient (c);

selecting at least one portion of the SOAP message based on the at least one
conditional data rule;

evaluating the at least one rule using the selected at least one portion of the
SOAP message; and

determining whether action is required to be taken with respect to the SOAP
message based on the evaluating.

67. (Original) A method as recited in claim 66, wherein the method further comprises:

taking one or more actions when the determining of whether an action is required
determines that action is required.

68. (Original) A method as recited in claim 67,

wherein the method further comprises:

taking one or more actions when the determining of whether an action is required
determines that action is required, and

wherein the one or more actions include: holding the SOAP message, archiving
the SOAP message, failing SOAP message delivery, sending a notification, and logging
special notification.